Quote:
Originally Posted by Relentless
Do you think PCI-DSS compliance is all that would be needed to achieve true data security? Is it reasonable, as some have suggested, to expect a tightening of data security regulations beyond what was necessary before this hack happened?
PCI-DSS data protection technology has other uses than the storage of customer credit card data. The same tokenization technology can protect sensitive customer data. The data security tokens that face the public internet, possibly exploitable, are useless in a server intrusion (aka "a hack").
I cannot go into further details of the process but there is public information (not site specific) on the Internet.
I am unaware of the specifics of the Ashley Madison hack but it is my understanding, to the best of my knowledge, that the hack did not involve usable customer credit card data but only truncated credit card data, e.g., xxx-xxx-xxx-123; that is all that I have read. That being the case, I would expect no changes in PCI-DSS standards from this event.